Camera: Change error for app ops reject, propagate binder errors

INVALID_OPERATION surfaces as an non-specific device-level error to
applications in the onError callback. This is not a condition apps
targeting camera2 in L will generally have to deal with.

Instead, return -EACCESS which maps to throwing
CameraAccessException.CAMERA_DISABLED, same as disabling camera access
with DevicePolicyManager.

The old camera API converts any error code to -EACCESS at the JNI layer,
so this doesn't change anything for the older API.

Also update the various native ICameraService binder connect calls to
check for the transact error code, and return it if it is not OK.
Without this, PERMISSION_DENIED transact errors from the camera
service cannot be distinguished from CAMERA_DISABLED errors in
some codepaths.

Bug: 21604925
Change-Id: Ifccc8989b8c20653429e2d3e51dba7abb2be9c35